lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 24 Apr 2014 17:43:05 +0200
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Lorenzo Colitti <lorenzo@...gle.com>
Cc:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>,
	David Miller <davem@...emloft.net>,
	Eric Dumazet <eric.dumazet@...il.com>
Subject: Re: [PATCH net-next v4 1/3] net: ipv6: Unduplicate {raw,udp}v6_sendmsg code

On Fri, Apr 25, 2014 at 12:13:57AM +0900, Lorenzo Colitti wrote:
> On Fri, Apr 25, 2014 at 12:02 AM, Hannes Frederic Sowa
> <hannes@...essinduktion.org> wrote:
> > > I am afraid we could jump to do_append_data without having dontfrag
> > > initialized. The jump happens before we call to ip6_datagram_send_common.
> > >
> > > So the initialization of dontfrag to -1 needs to be added to the caller.
> >
> > Also see e36d3ff91130002 (udp6: respect IPV6_DONTFRAG sockopt in case there
> > are pending frames) which was a bug we had some time ago.
> 
> Hmm. So I'm the second person to trip over that goto. It doesn't help
> that the compiler didn't notice that it could have been used
> uninitialized.
> 
> I wonder, is it better to just initialize dontfrag to np->dontfrag
> instead of -1 in the caller? ip6_datagram_send_ctl seems to just
> overwrite dontfrag with whatever comes from userspace, so nobody ever
> checks that it's < 0.

Yes, that is what I had in mind. So we must not reset dontfrag to -1 in
datagram_common_send and leave the check just after do_append_data as is.

Bye,

  Hannes

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ